Sanitize review html

app/helpers/application_helper.rb

@@ -103,7 +103,7 @@ def relative_time(date, abbr=true, with_time=true, with_parens=true)
     "#{datestamp}#{' '+timestamp if with_time} #{ago}"
   end
 
-  def unescape_entities(html)
+  def unescape_entities(html, leave_dirty = false)
     return nil if html.nil?
     unescaped_html = html
     unescaped_html.gsub!(/&/, "&")
@@ -125,7 +125,12 @@ def unescape_entities(html)
     # Replace CDATA junk
     unescaped_html.gsub!(/\<\!\[CDATA\[/, '')
     unescaped_html.gsub!(/\]\]\>/, '')
-    return unescaped_html
+
+    if leave_dirty
+      unescaped_html
+    else
+      sanitize unescaped_html
+    end
   end
 
   def sanitize_summary(html)